/**
 * 
 */
package rewardsonline;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		    .csrf().disable()
			.formLogin()
				.loginPage("/login")
				.permitAll()
				.and()
			.authorizeRequests()
				.antMatchers("/images/**").permitAll()
				.antMatchers("/styles/**").permitAll()
				.antMatchers("/resources/**").permitAll()
				.antMatchers("/accounts/**").permitAll()
				.antMatchers(HttpMethod.GET,"/login*").anonymous()
				.antMatchers(HttpMethod.PUT,"/accounts/*").hasRole("ADMIN")
				.antMatchers("/**").hasRole("ADMIN")
				.and()
			.logout()
				.permitAll();
	}
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.inMemoryAuthentication()
				.withUser("joe").password("spring").roles("USER").and()
				.withUser("vince").password("vince").roles("USER").and()
				.withUser("edith").password("edith").roles("ADMIN").and()
				.withUser("admin").password("spring").roles("ADMIN");
	}
	
}
